Analyzing app behavior to assist MDM installations

Creating packages, scripts and policies that properly deploy macOS applications can be easy as pie. Especially if your only goal is to repackage a simple app that would otherwise be dragged into the Applications folder without applying further settings, or if the vendor has supplied a suitable .pkg and documented their settings. At other times, … Continue reading Analyzing app behavior to assist MDM installations →

Preloading the Chrome bookmarks bar with Office 365 links and favicons

There are two kinds of Chrome MDM settings: hard and soft ones. Or user-unmodifiable and user-modifiable, if you like. Hard settings can be set using a configuration profile, using the Chromium policy list as a reference. Soft settings are often set using a list of master preferences. The latter isn't very well documented, and if … Continue reading Preloading the Chrome bookmarks bar with Office 365 links and favicons →

Using Jamf and MacDeployStick together to preinstall software

Ever since the macadmin community realized imaging was dead back in 2017, there has been an ongoing search for the most effective scripted installation methods. Using an MDM solution and DEP enrollment in combination, it is possible to achieve a setup similar to and even better than what was possible with imaging. One possible drawback … Continue reading Using Jamf and MacDeployStick together to preinstall software →

Mitigating issues with Microsoft OneDrive on Mac

Note: Microsoft has, as of 2026, largely fixed the issues described in this blog post.Some Microsoft applications have historically shown stability and reliability issues on macOS. OneDrive, for instance has the following issues on macOS: It does not allow files that contain unsupported characters or leading and trailing spaces to be synced. If a folder … Continue reading Mitigating issues with Microsoft OneDrive on Mac →

Create a local record with information from Jamf, for later use in scripting

When running shell scripts on client machines through Jamf, information about the machine and user in question is sometimes needed to get things done right.Among the most frequently used pieces of information:The currently logged-in user: Often used to run shell commands as the user using sudo -u $loggedInUser, since many settings and commands will only … Continue reading Create a local record with information from Jamf, for later use in scripting →

Adding Apple-supported options not yet present in Jamf to MDM configuration profiles

Setting user-unmodifiable options is one of the main purposes of an MDM solution such as Jamf. On Apple Devices, this is mostly done through configuration profiles. Apple has a frequently updated document describing all the different options for macOS and their other operating systems: the Configuration Profile Reference. If you are new to the subject, … Continue reading Adding Apple-supported options not yet present in Jamf to MDM configuration profiles →

Standard users in macOS enterprise settings

Security standards in many organizations require users to run as standard users. In the past, not having local admin rights would often cause issues as more software required elevated rights. For instance, the Adobe applications would not work as expected. On modern versions of macOS and Windows however, users can do most things without local … Continue reading Standard users in macOS enterprise settings →

Solutions to backing up macOS user data

Backing up user data can be a time consuming and risky task. Even though it almost always works out well, even one mistake can be very costly for IT, both in terms of reputation and money. More and more, organizations are therefore leaving responsibility for backing up files to the user. Users handing their machines … Continue reading Solutions to backing up macOS user data →

Best practices: macOS drive erasure

On iPhones and recent Macs with the T2 Secure Enclave, Apple has made sure that cryptographic keys are properly deleted, using effaceable storage. iPhones and T2 machines are encrypted by default. Simply reformatting an iPhone (Erase All Content and Settings) or erasing a drive from Recovery should suffice. Deleting the keys effectively renders the material on … Continue reading Best practices: macOS drive erasure →

Isolate IoT devices with pfSense

Most of us have Wi-Fi-connected devices at home: speakers, printers, robot vacuum cleaners and more. Even though some of these will receive firmware and security updates, they often will not. Isolating your IoT devices for a more secure network An example: Your speakers, even though they might be from a good audio brand and as … Continue reading Isolate IoT devices with pfSense →